
Study On Multicast Security In Mobile Ad Hoc Networks

Posted on: 2008-11-14
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H B Mu
GTID: 1118360242466080
Subject: Communication and Information System

Abstract/Summary:
In Mobile Ad Hoc Networks (MANET), tasks are often carried out by a group of nodes, and multicast is a suitable technique for such collaborative applications. The group-communication nature of both makes their combination a new application direction. Because MANETs are open and short of resources, security mechanisms and schemes tailored for wired networks and multicast environments do not work well when introduced into MANET multicast directly. Security issues have become the obstacle to the extensive application of MANET multicast. It is therefore necessary to study its special requirements and to propose efficient security mechanisms suitable for multicast over MANET.

The thesis studies the security issues of multicast over MANET from the perspectives of group key management, certificate revocation, access control and security evaluation, and provides schemes to resolve them.

The research work of this thesis is supported by National Natural Science Foundation of China (No.60572035) and Beijing Municipality Key Laboratory of Communication and Information System (No. JD100040513).

The main innovations of the thesis are as follows:

1. A partially distributed multicast key management scheme based on mesh is proposed. It uses a distributed group key management center made up of a group of server nodes. The center limits the trust of a group member to a controllable range, which improves security. Maintaining the server group on a mesh improves the availability of the group key service.

2. A tree- and cluster-based group key management architecture is proposed. Nodes are grouped into clusters, and a cluster-head is selected for each cluster. A distributed logical key tree (LKT), named the global LKT (GLKT), is built among all the cluster-heads. Every cluster also has a centralized local LKT (LLKT), governed by the cluster-head, whose leaves correspond to ordinary nodes. The two-level architecture integrates the advantages of clustering and LKT: clustering limits most key-updating overhead to the local area, and building the GLKT decreases the cost of contributory key negotiation among cluster-heads. The delay in key updating is reduced because global serial processing is replaced by parallel processing in multiple local areas.

3. A certificate state management model with reversible states is proposed to improve the performance of certificate revocation. A certificate's credit is decided by others' opinions of its historical credit record and by a transform factor according to its behavior. The certificate state is deduced from the computed credit. A certificate suspension process is introduced as an intermediate state before revocation, and a suspended certificate can be reactivated. The reversible states prolong the lifetime of a good certificate and avoid its frequent revocation and reissue. The computation and communication overhead is also reduced.

4. An RBAC model is proposed to provide sender and receiver access control for group members. The model introduces user role certificates and policy certificates, which are combined with a group member monitoring mechanism to realize fine-grained sender and receiver access control. The permissions of a multicast member are controlled through roles, which weakens the coupling between members and permissions and improves their adaptability to the dynamic environment.

5. Static and dynamic security evaluation models are proposed for security services based on threshold cryptography in MANET. The static model studies the probability of nodes being compromised during the whole lifetime and its influence on the threshold of the secret sharing scheme. The number of nodes and their compromise probability can be used to evaluate the system security quantitatively. In the dynamic case, the attack process and attack model are first studied using a stochastic process approach, and a dynamic evaluation model is then built on them. The models help predict the trend of the network's security and give proper values for the threshold and for the update period of the shared secret.

The research work on multicast security in Ad Hoc networks will be carried further as its applications extend.
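
The kind of quantitative evaluation described in item 5, worked as an added example that is not taken from the thesis: it assumes each of n share-holding nodes is compromised independently with probability p within one share-update period, and that the time to compromise a node is exponential with a constant rate. All function names and numbers are constructed for illustration.

```python
# Added example: constructed model and values, not the thesis's own equations.
from math import comb, exp

def tail_at_least(n, k, p):
    """P[X >= k] for X ~ Binomial(n, p): at least k of n nodes compromised."""
    return sum(comb(n, i) * p**i * (1 - p)**(n - i)
               for i in range(max(k, 0), n + 1))

def breach_probability(n, t, p):
    """Adversary holds >= t of n shares, so the shared secret is reconstructed."""
    return tail_at_least(n, t, p)

def outage_probability(n, t, p):
    """Fewer than t uncompromised share holders remain, so the service stalls."""
    return tail_at_least(n, n - t + 1, p)

def smallest_safe_threshold(n, p, max_breach):
    """Smallest t (hence lowest outage risk) with acceptable breach risk."""
    for t in range(1, n + 1):
        if breach_probability(n, t, p) <= max_breach:
            return t
    return None  # no threshold meets the bound for this n and p

def compromise_probability(rate, period):
    """Assumed attack model: per-node time to compromise ~ Exponential(rate)."""
    return 1 - exp(-rate * period)

def longest_update_period(n, t, rate, max_breach, step=1.0, limit=10_000):
    """Longest share-update period (multiple of step) within the breach bound."""
    best, period = 0.0, step
    while period <= limit:
        p = compromise_probability(rate, period)
        if breach_probability(n, t, p) > max_breach:
            break  # breach risk only grows with the period, so stop here
        best = period
        period += step
    return best

if __name__ == "__main__":
    n, p, bound = 10, 0.1, 1e-3          # constructed sample parameters
    t = smallest_safe_threshold(n, p, bound)
    print("threshold:", t)
    print("breach risk:", breach_probability(n, t, p))
    print("outage risk:", outage_probability(n, t, p))
    print("max update period:", longest_update_period(n, t, 0.01, bound))
```

Raising t lowers the breach risk but raises the outage risk, so the threshold and the update period have to be chosen together.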
Keywords/Search Tags:Mobile Ad Hoc Networks, multicast, key management, access control, security evaluation